Netgate Discussion Forum

    Routing issue between LAN, OPT1 and Remote Subnet.

    Routing and Multi WAN

      netracer

      Sorry, I clicked the wrong button and created a poll, and cannot find a way to delete it ;D
      

      Recently we employed a SIP trunk (4 channels) for our IP-PBX, and plan to use pfSense (v.1.23) to replace an old NetScreen 5GT (v.5). The network structure is as below:

      The ITSP provides a dedicated link and router for the SIP trunks. Unfortunately, the IP-PBX only has a LAN port. If the PBX connects directly to the SIP router, it works fine, but we lose all the IP phones. So, I have to set up a static route between the two subnets.

      The SIP trunks require the PBX endpoint to have the assigned IP 10.12.51.3, which I assigned to OPT1, and use 10.12.51.254 as the gateway to reach the SIP server on the ITSP site.

      I created a very loose firewall rule that allows traffic from the OPT1 interface to anywhere. A static route is created on the LAN interface: traffic to subnet 10.20.30.0 should use gateway 10.12.51.254. The SIP router and OPT1 are linked by a UTP cable.


      The problem is that from the pfSense LAN interface I cannot ping 10.20.30.1, not even 10.12.51.254. But from OPT1 I can reach 10.20.30.1. From LAN I can only ping OPT1 at 10.12.51.3. I checked the route table, and it seems all right.

      Can any experts give me any ideas about that? Thank you in advance.

      1.png
      ![firewall rule.png](/public/imported_attachments/1/firewall rule.png)
      ![Static Route.png](/public/imported_attachments/1/Static Route.png)
      ![route staus.png](/public/imported_attachments/1/route staus.png)

        netracer

        Hi, I have made some progress recently. Let me redraw a simplified network diagram.

        Internet
           |
        ADSL Modem
           |
        +------------------------+      +--------------------+      +------------+
        | WAN    OPT(10.12.51.3) |------| LAN1: 10.12.51.254 |      |    ITSP    |
        |                        |      |     SIP Router     |      | SIP Server |
        |        pfSense         |      |              LAN2: |------| 10.20.30.1 |
        |                        |      +--------------------+      +------------+
        |  Lan (192.168.1.254)   |
        +------------------------+
           |
        +---------------+
        |      PBX      |
        | 192.168.1.250 |
        +---------------+

        I finally realized I should set up a Dual WAN configuration on my pfSense firewall. Because I cannot touch the SIP router provided by the ITSP, I cannot set up a static route to tell the SIP router our LAN is on the other side. So a simple static route on pfSense won't tell the packets to come back to my LAN.

        I set up a gateway address (10.12.51.254) under the OPT1 interface. OPT1 just acts as another WAN port. After that, I can ping the SIP server at 10.20.30.1.

        But the SIP call cannot be established. Following another tutorial, I enabled AON, created NAT for the LAN segment for both the WAN port and the OPT1 port, and set the static port for SIP 5060. For inbound NAT, I set up a rule for SIP UDP 5060, pointing to the PBX at 192.168.1.250.

        I have incoming calls working perfectly, but outgoing calls still have a problem, because the SIP server will only accept a SIP Invite from the authorized IP 10.12.51.3. I used Wireshark to capture the packets; in the message header, the SIP Invite IP is actually the PBX IP 192.168.1.250 rather than 10.12.51.3. It seems to be a NAT problem; hopefully experts can give me some hints.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.